- name: check/create instance for jenkins-master
  hosts: jenkins-cloud  # 209.132.184.153
  user: root
  gather_facts: False
  tags:
   - jenkins_master

  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
   - "{{ private }}/vars.yml"

  tasks:
  - include: "{{ tasks }}/persistent_cloud.yml"
  - include: "{{ tasks }}/growroot_cloud.yml"

- name: provision master
  hosts: 209.132.184.153
  user: root
  gather_facts: True
  tags:
   - jenkins_master

  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
   - "{{ private }}/vars.yml"
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
  vars:
   - resolvconf: resolv.conf/jenkins-cloud

  roles:
   - base

  tasks:
  - include: "{{ tasks }}/cloud_setup_basic.yml"

  - name: make the jenkins path
    action: file state=directory path=/var/lib/jenkins

  - name: mount our persistent space
    action: mount name=/var/lib/jenkins src='LABEL=jenkins' fstype=ext4 state=mounted

  - name: install pkgs for jenkins
    action: yum state=present pkg={{ item }}
    with_items:
    - vim
    - dejavu-s\*
    - fontconfig
    - java-1.8.0-openjdk
    - httpd
    - openssh-clients
    - git
    - nrpe
    tags:
    - packages

  - name: add jenkins proxy config file for apache
    action: copy src="{{ files }}/jenkins/master/jenkins-apache.conf"
            dest=/etc/httpd/conf.d/jenkins-apache.conf
            owner=root group=root mode=0644
    notify:
    - restart httpd
    tags:
    - config

  - name: enable apache
    action: service name=httpd state=running enabled=true

  - name: add jenkins upstream repo
    action: copy src="{{ files }}/jenkins/master/jenkins.repo" 
            dest=/etc/yum.repos.d/jenkins.repo
            owner=root group=root
    tags:
     - config

  - name: import jenkins upstream gpg key
    action: copy src="{{ files }}/jenkins/master/jenkins-ci.org.key"
            dest=/etc/pki/rpm-gpg/RPM-GPG-KEY-jenkins-ci.org
            owner=root group=root
    tags:
     - config

  - name: install pkgs for jenkins
    action: yum state=present pkg={{ item }}
    with_items:
    - jenkins
    tags:
    - packages

  - name: set the hostname to jenkins-osversion
    action: command hostname jenkins-master-{{ dist_tag }}
    tags:
    - config

  - name: make sure jenkins is stopped
    action: service name=jenkins state=stopped

  - name: clean any previous plugin deployments
    action: file state=absent path=/var/lib/jenkins/plugins

  - name: mkdir dir for jenkins data
    action: file state=directory path=/var/lib/jenkins/plugins/ owner=jenkins group=jenkins

#  - name: Download jenkins plugins
#    get_url: url=https://updates.jenkins-ci.org/download/plugins/{{ item.name }}/{{ item.version }}/{{ item.name }}.hpi
#             dest=/var/lib/jenkins/plugins/{{ item.name }}.hpi
#             sha256sum={{ item.sha }}
#    with_items:
#        - name: bazaar
#          version: '1.22'
#          sha: d7ff0987c96e2a694257ecf897ceee376908c5f94abfd1d5efc32482e4d54141
#        - name: chucknorris
#          version: '0.5'
#          sha: bd9df0507008255ad2ed046368d10a4d039a6cbcfefb53c71c1768cc0dcbf65b
#        - name: cobertura
#          version: '1.9.5'
#          sha: a76bc1524efc5ba05672638001c0e951edd2a853d222efcfb035e02169e4252a
#        - name: cvs
#          version: '2.12'
#          sha: 6e6dfd35e8501bf5f84a9d43d210db61165ce51a606327fc81f2efc5208478ba
#        - name: external-monitor-job
#          version: '1.2'
#          sha: 8dd2644271d0138839490342833e9ff7f82772038f673f5ac6220193c587747d
#        - name: git
#          version: '2.2.5'
#          sha: 92c51f33fbcbe858d05b40083d3c628f03b6ba5218626ee22db9a367947b7670
#        - name: git-client
#          version: '1.10.1'
#          sha: 19de6979a1360bc022bba9e061c4f946e51f252912234453d7f70af62d089e65
#        - name: instant-messaging
#          version: '1.29'
#          sha: b8fc1bff0c6f899f60d2d02b4ed321baf045fc0e5d4e0c3676d99197f94a8e5c
#        - name: ldap
#          version: '1.8'
#          sha: 491905ec3675b6a5acf2098722c121732801fd6210e6ff54bc99d213b5b8ee58
#        - name: matrix-auth
#          version: '1.2'
#          sha: a773c2fd6b2d70b2ff1c0466308290326d97f05b6fa72a217922997750aef39a
#        - name: maven-plugin
#          version: '2.6'
#          sha: 3a3a1e1d7e3416ea85ec09f953f5b8e37d943ca55b8e4224bbcfd702bed72fa5
#        - name: mercurial
#          version: '1.50'
#          sha: 934a6bd38e2109b97c915d80fdb6abc74a8ef4aff882b94ef0b1a274919ea407
#        - name: openid
#          version: '1.8'
#          sha: fed09c7da7762323cf55c3b725493622a4a2460eab8622230497e35914ac9d7e
#        - name: python
#          version: '1.2'
#          sha: e3358a945f21b84a8156237b0d621815a7822322e1180ae1e66d10798aaf1f56
#        - name: scm-api
#          version: '0.2'
#          sha: cc856d8dc8b951cf9a195baa2bf7bbff0d12368534a6b973e43e2909141eff3f
#        - name: ssh-agent
#          version: '1.4.1'
#          sha: ae8227bf219e96a4d76f36dc6d6e652ddd0209e8d9c4cf4483a07858d707ce6e
#        - name: subversion
#          version: '2.2'
#          sha: 221ed61c8e4ef959bb316ea93d188e19c8f980edac0f1e45a6cd8d7e13808b51
#        - name: translation
#          version: '1.11'
#          sha: 4d88b8d74ade119cef76827bd385693447fa68fa18fd1bfc8806aff9d931f00e
#        - name: violations
#          version: '0.7.11'
#          sha: f8eacb53eb01f83f3702009a41cef89e520a72933671ac1ee9154d88bde2d67a
#        - name: xunit
#          version: '1.90'
#          sha: 2beade6d7769db9d52ff147c7a491cd1e7c53b01c07b9eeb44daa27ee75b25ca
#        - name: multiple-scms
#          version: '0.3'
#          sha: e79d7e855ffe0ad060d11ae1ce0b39f68e7fa031c6e831f60fe33e5ddb3392ac
#        - name: credentials
#          version: '1.16.1'
#          sha: ae7e8ab317c03355390135d5eec683db7dceb5d513717d9fab624238a5ffe2bf
#        - name: mailer
#          version: '1.11'
#          sha: 9217be3008f323ac0535d4fb34118ed2681d6170d2d7de2f38b99ba331c4a256
#        - name: javadoc
#          version: '1.2'
#          sha: 4bde54b288b24d5deaa7f809df78373d3b37d683d4693ab42278f019252c86b9
#    notify:
#      - restart jenkins
#    tags:
#     - config
#
#  - name: Download additional jenkins plugins (from the maven repo)
#    get_url: url=http://maven.jenkins-ci.org/content/repositories/releases/org/jvnet/hudson/plugins/{{ item.name }}/{{ item.version }}/{{ item.name }}-{{ item.version }}.hpi
#             dest=/var/lib/jenkins/plugins/{{ item.name }}.hpi
#             sha256sum={{ item.sha }}
#    with_items:
#        - name: warnings
#          version: '4.39'
#          sha: 7652b7ed8971de932f46323aa8e0ddee2bcf4f14839296481ae79590e09f7606
#    notify:
#      - restart jenkins
#    tags:
#     - config

  - name: Install custom jenkins plugins (from ansible bigfiles)
    action: copy src="{{ bigfiles }}/jenkins/{{ item }}.hpi" dest=/var/lib/jenkins/plugins/{{ item }}.hpi
    with_items:
    - fedmsg
    - bazaar
    - chucknorris
    - cobertura
    - cvs
    - external-monitor-job
    - git
    - git-client
    - instant-messaging
    - ldap
    - matrix-auth
    - maven-plugin
    - mercurial
    - openid
    - python
    - scm-api
    - ssh-agent
    - subversion
    - translation
    - violations
    - xunit
    - multiple-scms
    - credentials
    - mailer
    - javadoc
    - warnings
    notify:
      - restart jenkins
    tags:
     - config

  - name: import jenkins configuration files
    action: copy src={{ item }} owner=jenkins group=jenkins dest=/var/lib/jenkins/ backup=yes
    with_fileglob:
     - "{{ files }}/jenkins/master/*.xml"
    tags:
     - config

  - name: Give the user jenkins the ownership of the /var/lib/jenkins
    file: path=/var/lib/jenkins/
          owner=jenkins group=jenkins recurse=yes

  - name: add jenkins ssh priv key so it can connect to clients
    action: copy src="{{ private }}/files/jenkins/ssh/jenkins_master" dest=/var/tmp/jenkins_master_id_rsa mode=600 owner=jenkins group=jenkins
    tags:
    - config

  - name: add jenkins credentials it can connect to clients
    action: copy src="{{ private }}/files/jenkins/ssh/credentials.xml" dest=/var/lib/jenkins/
    tags:
    - config

  - name: start jenkins itself
    action: service name=jenkins state=running

  - name: wait for a dir to exist - this is just ugly
    shell: while `true`; do [ -d /var/lib/jenkins/plugins/openid/WEB-INF/lib/ ] && break; sleep 5; done
    async: 1800
    poll: 20

  - name: jenkins hotfix big file
    copy: src={{ item }} dest=/var/lib/jenkins/plugins/openid/WEB-INF/lib/ group=jenkins mode=655
    with_fileglob:
     - "{{ bigfiles }}/hotfixes/jenkins/openid/*.jar"
    notify:
      - restart jenkins

  handlers:
  - include: "{{ handlers }}/restart_services.yml"

- name: setup fedmsg for the master (after jenkins has been installed)
  hosts: 209.132.184.153
  user: root
  gather_facts: True
  tags:
   - jenkins_master

  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
   - "{{ private }}/vars.yml"
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  roles:
   - role: fedmsg/base
     fedmsg_fqdn: jenkins.cloud.fedoraproject.org

  handlers:
  - include: "{{ handlers }}/restart_services.yml"

###################################################
# jenkins slaves

- name: check/create instance for jenkins-slaves
  hosts: jenkins-slaves
  user: root
  gather_facts: False
  tags:
   - jenkins_workers

  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
   - "{{ private }}/vars.yml"
  vars:
   - keypair: fedora-admin-20130801
   - security_group: default

  tasks:
  - include: "{{ tasks }}/persistent_cloud.yml"
  - include: "{{ tasks }}/growroot_cloud.yml"

- name: provision workers
  hosts: jenkins-slaves
  user: root
  gather_facts: True
  tags:
   - jenkins_workers

  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
   - "{{ private }}/vars.yml"
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  tasks:
  - include: "{{ tasks }}/cloud_setup_basic.yml"

  - name: add jenkins repos
    action: copy src={{ item }} dest=/etc/yum.repos.d/ owner=root group=root
    with_fileglob:
     - "{{ files }}/jenkins/slaves/*.repo"
    tags:
    - config
    - packages

  - name: install pkgs for jenkins
    action: yum state=present pkg={{ item }}
    with_items:
    - vim
    - java-1.8.0-openjdk
    - java-1.8.0-openjdk-devel
    - subversion
    - bzr
    - git
    - rpmlint
    - rpmdevtools
    - mercurial
    - mock
    - gcc
    - gcc-c++
    - libjpeg-turbo-devel
    - python-bugzilla
    - python-pip
    - python-virtualenv
    - python-coverage
    - pylint
    - python-argparse
    - python-nose
    - python-BeautifulSoup
    - python-fedora
    - python-unittest2
    - python-pep8
    - python-psycopg2
    - postgresql-devel   # Required to install python-psycopg2 w/in a venv
    - docbook-style-xsl  # Required by gimp-help-2
    - make               # Required by gimp-help-2
    - automake           # Required by gimp-help-2
    - libcurl-devel      # Required by blockerbugs
    - python-formencode  # Required by javapackages-tools
    - asciidoc           # Required by javapackages-tools
    - xmlto              # Required by javapackages-tools
    - pycairo-devel      # Required by dogtail
    - packagedb-cli      # Required by FedoraReview
    - xorg-x11-server-Xvfb  # Required by fedora-rube
    - libffi-devel       # Required by bodhi/cffi/cryptography
    - openssl-devel      # Required by bodhi/cffi/cryptography
    tags:
    - packages

  - name: install packages not (yet) available on el7 builder
    action: yum state=present pkg={{ item }}
    with_items:
    - python-straight-plugin
    - pyflakes           # Requested by user rholy (ticket #4175)
    - dia                # Required by javapackages-tools ticket #4279
    when: ansible_distribution_version != "7.0"
    tags:
    - packages

  - name: install pkgs for jenkins for fedora systems > F19
    action: yum state=present pkg={{ item }}
    when: is_fedora is defined and ansible_distribution_major_version > 20
    with_items:
    - sbt-extras

  - name: install pkgs for jenkins for fedora systems
    action: yum state=present pkg={{ item }}
    when: is_fedora is defined
    with_items:
    - python3
    - python-nose-cover3
    - python3-nose-cover3
    - glibc.i686
    - glibc-devel.i686
    - libstdc++.i686
    - zlib-devel.i686
    - ncurses-devel.i686
    - libX11-devel.i686
    - libXrender.i686
    - libXrandr.i686
    - nspr-devel           ## Requested by 389-ds-base
    - nss-devel
    - svrcore-devel
    - openldap-devel
    - libdb-devel
    - cyrus-sasl-devel
    - icu
    - libicu-devel
    - gcc-c++
    - net-snmp-devel
    - lm_sensors-devel
    - bzip2-devel
    - zlib-devel
    - openssl-devel
    - tcp_wrappers
    - pam-devel
    - systemd-units
    - policycoreutils-python
    - openldap-clients
    - perl-Mozilla-LDAP
    - nss-tools
    - cyrus-sasl-gssapi
    - cyrus-sasl-md5
    - libdb-utils
    - systemd-units
    - perl-Socket
    - perl-NetAddr-IP
    - pcre-devel            ## End of request list for 389-ds-base
    - maven                 # Required by xmvn https://fedorahosted.org/fedora-infrastructure/ticket/4054
    - gtk3-devel            # Required by dogtail
    - glib2-devel           # Required by Cockpit
    - libgudev1-devel
    - json-glib-devel
    - gobject-introspection-devel
    - libudisks2-devel
    - NetworkManager-glib-devel
    - systemd-devel
    - accountsservice-devel
    - pam-devel
    - autoconf
    - libtool
    - intltool
    - jsl
    - python-scss
    - gtk-doc
    - krb5-devel
    - sshpass
    - perl-Locale-PO
    - perl-JSON
    - glib-networking
    - realmd
    - udisks2
    - mdadm
    - lvm2
    - sshpass           # End requires for Cockpit
    - tito              # Requested by msrb for javapackages-tools and xmvn (ticket#4113)
    - pyflakes          # Requested by user rholy (ticket #4175)
    - devscripts-minimal # Required by FedoraReview
    - firefox           # Required for rube
    - python-devel      # Required for mpi4py
    - python3-devel     # Required for mpi4py
    - pwgen             # Required for mpi4py
    - openmpi-devel     # Required for mpi4py
    - mpich2-devel      # Required for mpi4py
    tags:
    - packages

  - name: drop current android SDK
    when: is_fedora is defined
    action: file state=absent path=/var/android

  - name: mkdir dir for android SDK
    when: is_fedora is defined
    action: file state=directory path=/var/android owner=jenkins_slave group=jenkins_slave

  - name: copy android SDK
    when: is_fedora is defined
    action: copy src="{{ bigfiles }}/jenkins/android-sdk-with-platform-17.tar.gz" dest=/var/android/ owner=jenkins_slave group=jenkins_slave

  - name: extract android SDK
    when: is_fedora is defined
    command: tar -xvf /var/android/android-sdk-with-platform-17.tar.gz --owner=jenkins_slave --group=jenkins_slave -C /var/android/

  - name: make /var/android belong to jenkins_slave
    when: is_fedora is defined
    action: file path=/var/android state=directory recurse=true owner=jenkins_slave group=jenkins_slave

  - name: delete sdk archive
    when: is_fedora is defined
    action: file state=absent path=/var/android/android-sdk-with-platform-17.tar.gz

  - name: Install newer android build-tools
    when: is_fedora is defined
    action: shell "echo y | /var/android/tools/android update sdk -u -a -t build-tools-19.1.0"

  - name: set the hostname to jenkins-osversion
    action: command hostname jenkins-{{ dist_tag }}
    tags:
    - config

  - name: setup jenkins_slave user
    action: user name=jenkins_slave state=present createhome=yes system=no
    tags:
    - jenkinsuser

  - name: setup jenkins_slave ssh key
    action: authorized_key user=jenkins_slave key="{{ item }}"
    with_file:
    - "{{ private }}/files/jenkins/ssh/jenkins_master.pub"

  - name: jenkins_slave to mock group
    action: user name=jenkins_slave groups=mock

  - name: add .gitconfig for jenkins_slave user
    action: copy src="{{ files }}/jenkins/gitconfig" dest=/home/jenkins_slave/.gitconfig owner=jenkins_slave group=jenkins_slave mode=664
    tags:
     - config

  - name: template sshd_config
    copy: src="{{ item }}" dest=/etc/ssh/sshd_config mode=0600 owner=root group=root
    with_first_found:
    - "{{ files }}/jenkins/sshd_config_slave.{{ ansible_distribution }}"
    - "{{ files }}/jenkins/sshd_config_slave"
    notify:
    - restart sshd
    tags:
     - config

  - name: mkdir dir for jenkins data
    action: file state=directory path=/mnt/jenkins owner=jenkins_slave group=jenkins_slave

  handlers:
  - include: "{{ handlers }}/restart_services.yml"

